[one-users] Problem with ldap authentication

Tino Vazquez tinova at opennebula.org
Mon Jun 20 06:34:00 PDT 2011


Hi,

Indeed, this is a bug. I've opened a ticket [1] to keep track of the
solution.

Regards,

-Tino

[1] http://dev.opennebula.org/issues/689

--
Constantino Vázquez Blanco, MSc
OpenNebula Major Contributor
www.OpenNebula.org | @tinova79


On Mon, Jun 20, 2011 at 12:45 PM, Carlos A. <caralla at upv.es> wrote:

> **
> The problem is that in the original one_auth_mad.rb, the code is fine (is
> distinct than the one distributed in the ldap authentication addon).
>
> When I install the ldap addon, the resulting one_auth_mad.rb is the one
> that I was dealing with.
>
> (from the ONE bundle directory just uncompressed)
> $ diff ./src/authm_mad/one_auth_mad.rb
> ../one/tmp/ldap-2.2.0/src/one_auth_mad.rb
> (... license ...)
> 34a37
> > require 'ldap_auth'
> 59c62
> <             @authenticate=driver.new
> ---
> >             @authenticate=driver.new(@config)
> 65c68
> <             @authenticate=SimpleAuth.new
> ---
> >             @authenticate=SimpleAuth.new(@config)
> 79c82
> <                 request_id, 'Successfully authenticated')
> ---
> >                 request_id, user, token)
> 87,92c90
> <         begin
> <             auth=@permissions.auth(user_id, tokens.flatten)
> <         rescue Exception => e
> <             auth="Error: #{e}"
> <         end
> <
> ---
> >         auth=@permissions.auth(user_id, tokens.flatten)
> 103,108d100
> < begin
> <     am=AuthorizationManager.new
> < rescue Exception => e
> <     puts "Error: #{e}"
> <     exit(-1)
> < end
> 109a102
> > am=AuthorizationManager.new
>
> -----------------------------
>
> You can notice that the line
>
> request_id, 'Successfully authenticated')
>
> has been substituted by the faulty line in the ldap addon
>
> request_id, user, token)
>
> Regards,
> Carlos A.
>
>
> El 20/06/11 12:14, Tino Vazquez escribió:
>
> Hi Carlos,
>
>  I am not able to find the code you are referring to, which version of
> OpenNebula are you using?
>
>  Regards,
>
>  -Tino
>
> --
> Constantino Vázquez Blanco, MSc
> OpenNebula Major Contributor
> www.OpenNebula.org | @tinova79
>
>
> On Thu, Jun 16, 2011 at 5:15 PM, Carlos A. <caralla at upv.es> wrote:
>
>>  Hello,
>>
>> I have finally got it:
>>
>> I have found 1 error in lib/mads/one_auth_mad.rb
>>
>> ...
>>     def action_authenticate(request_id, user_id, user, password, token)
>>         auth=@authenticate.auth(user_id, user, password, token)
>>         if auth==true
>>             send_message('AUTHENTICATE', RESULT[:success], request_id,
>> user, token)
>>         else
>>             send_message('AUTHENTICATE', RESULT[:failure],
>>                 request_id, auth)
>>         end
>>     end
>> ...
>>
>> the problem is the line
>>             send_message('AUTHENTICATE', RESULT[:success], request_id,
>> user, token)
>>
>> where there are 5 parameters while send_message needs only 4. If I leave
>> these 5 parameters, one fails and the one daemon dies, but when I remove the
>> last one (token), it works both for simple and ldap authentication.
>>
>> Neither simple or ldap were working before because of the exception of the
>> "send_message" function.
>>
>> The code that I am using (it works for me) is:
>>
>> ...
>>     def action_authenticate(request_id, user_id, user, password, token)
>>         auth=@authenticate.auth(user_id, user, password, token)
>>         if auth==true
>>             send_message('AUTHENTICATE', RESULT[:success], request_id,
>> user)
>>         else
>>             send_message('AUTHENTICATE', RESULT[:failure], request_id,
>> auth)
>>         end
>>     end
>> ...
>>
>> Regards,
>> Carlos A.
>>
>>
>>
>> El 16/06/11 13:11, Tino Vazquez escribió:
>>
>> Hi Carlos,
>>
>>  Let's try the driver by hand again, but also with the authentication
>> part:
>>
>>  # ruby -dw $ONE_LOCATION/lib/mads/one_auth_mad.rb
>>  AUTHENTICATE 0 -1 <LDAP_DN> - <LDAP_DN:plain:LDAP_PASSWORD>
>>
>>  this will tell if the failure is in the driver or the core.
>>
>>  Regards,
>>
>>  -Tino
>>
>> --
>> Constantino Vázquez Blanco, MSc
>> OpenNebula Major Contributor
>> www.OpenNebula.org | @tinova79
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20110620/461cf86b/attachment-0003.htm>


More information about the Users mailing list